Please look this over for me? Also I clicked an ok button on accident?

[Qweth]

Yeah so I am having a problem maybe with a msmpeng process.  svchost gettin in on the action also...  I clicked ok on one of the web's nefarious pop up thingies, who knows what that might have done.

 

Also I always feel like I am losing performance somewhere.  Everything runs faster for 10min after a format type thing.  So I have a couple logs here I would appreciate someone giving them a once-over to see if something may be amiss.

 

Here is this DDS I have never used this before.

 

DDS (Ver_2012-11-20.01) - NTFS_x86 

Internet Explorer: 11.0.9600.16521  BrowserJavaVersion: 10.45.2

Run by Bob at 1:50:50 on 2015-03-29

Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3326.1816 [GMT -6:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\system32\atiesrxx.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\Fitbit Connect\FitbitConnectService.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

c:\Program Files\Microsoft Security Client\NisSrv.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Logitech\SetPointP\SetPoint.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Fitbit Connect\Fitbit Connect.exe

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Common Files\Java\Java Update\jucheck.exe

C:\Program Files\MacroRecorder\MacroLauncher.exe

C:\Program Files\Classic Shell\ClassicStartMenu.exe

C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe

C:\Windows\system32\taskmgr.exe

C:\Windows\explorer.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\League of Legends\RADS\system\rads_user_kernel.exe

C:\Program Files\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.241\deploy\LoLLauncher.exe

C:\Program Files\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.25\deploy\LoLPatcher.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\foobar2000\foobar2000.exe

C:\Program Files\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.136\deploy\LolClient.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k netsvcs

.

============== Pseudo HJT Report ===============

.

BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - c:\program files\classic shell\ClassicExplorer32.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - c:\program files\logitech\setpointp\SetPointSmooth.dll

BHO: Free Download Manager: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - c:\program files\free download manager\iefdm2.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

BHO: ClassicIE9BHO Class: {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - c:\program files\classic shell\ClassicIE9DLL_32.dll

TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - c:\program files\classic shell\ClassicExplorer32.dll

uRun: [DellSystemDetect] c:\users\bob\appdata\roaming\microsoft\windows\start menu\programs\dell\Dell System Detect.appref-ms

uRun: [Fitbit Connect] "c:\program files\fitbit connect\Fitbit Connect.exe" /autorun

uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\x86\CLIStart.exe" MSRun

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Logitech Download Assistant] c:\windows\system32\rundll32.exe c:\windows\system32\LogiLDA.dll,LogiFetch

mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s

mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming

mRun: [Fitbit Connect] "c:\program files\fitbit connect\Fitbit Connect.exe" /autorun

mRun: [Classic Start Menu] c:\program files\classic shell\ClassicStartMenu.exe

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: Download all with Free Download Manager - c:\program files\free download manager\dlall.htm

IE: Download selected with Free Download Manager - c:\program files\free download manager\dlselected.htm

IE: Download video with Free Download Manager - c:\program files\free download manager\dlfvideo.htm

IE: Download with Free Download Manager - c:\program files\free download manager\dllink.htm

IE: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - c:\program files\classic shell\ClassicIE9_32.exe

IE: {64964764-1101-4bbd-8891-B56B1A53B9B3} - {553891B7-A0D5-4526-BE18-D3CE461D6310}

Trusted Zone: dell.com

TCP: NameServer = 192.168.2.1 66.182.71.3 63.248.56.99

TCP: Interfaces\{79AE6B05-CCA4-436D-B023-0BA638BD3935} : DHCPNameServer = 192.168.2.1 66.182.71.3 63.248.56.99

Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

SSODL: WebCheck - <orphaned>

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\41.0.2272.101\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\bob\appdata\roaming\mozilla\firefox\profiles\lmfzicta.default\

FF - plugin: c:\program files\google\update\1.3.25.11\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll

FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\5.1.30214.0\npctrlui.dll

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-9-27 214696]

R1 {5eeb83d0-96ea-4249-942c-beead6847053}w;{5eeb83d0-96ea-4249-942c-beead6847053}w;c:\windows\system32\drivers\{5eeb83d0-96ea-4249-942c-beead6847053}w.sys [2014-8-29 52376]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2013-12-6 209408]

R2 Fitbit Connect;Fitbit Connect Service;c:\program files\fitbit connect\FitbitConnectService.exe [2014-5-19 1436192]

R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2013-9-27 104768]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2013-9-24 77312]

R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2014-3-18 42264]

R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2014-3-18 10136]

R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-10-23 280288]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2015-1-2 315488]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-3-14 108032]

S3 netr28u;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\drivers\netr28u.sys [2010-2-12 844064]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-12-28 14848]

S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-12-28 49664]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2013-12-28 1343400]

.

=============== Created Last 30 ================

.

2015-03-29 07:34:20 9119072 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{8ee36eb9-0362-4037-93d6-4c82c273406f}\mpengine.dll

2015-03-28 09:38:35 -------- d-----w- c:\users\bob\appdata\local\Steam

2015-03-28 02:48:04 9119072 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2015-03-26 02:42:58 908832 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{518b5bf8-3fbf-4725-9a29-74ddd544e273}\gapaengine.dll

2015-03-20 06:45:47 -------- d-----w- c:\program files\Classic Shell

2015-03-19 05:35:20 -------- d-----w- C:\Downloads

2015-03-19 05:23:48 -------- d-----w- c:\users\bob\appdata\roaming\Free Download Manager

2015-03-19 04:04:17 -------- d-----w- c:\program files\Free Download Manager

.

==================== Find3M  ====================

.

2015-03-03 13:16:52 246920 ------w- c:\windows\system32\MpSigStub.exe

2015-02-05 04:12:34 701616 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2015-02-05 04:12:33 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2015-01-03 12:10:41 98304 ----a-w- c:\windows\system32\CmdLineExt.dll

2015-01-03 11:48:25 691696 ----a-w- c:\windows\system32\drivers\sptd.sys

.

============= FINISH:  1:52:13.36 ===============

 

 

 

 

And here is a hijackthis.  I have used this for awhile but it hasnt shown anything for awhile seems like.

 

Logfile of Trend Micro HijackThis v2.0.5

Scan saved at 1:41:52 AM, on 3/29/2015

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v11.0 (11.00.9600.16521)

 

FIREFOX: 34.0.5 (x86 en-US)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Logitech\SetPointP\SetPoint.exe

C:\Program Files\Fitbit Connect\Fitbit Connect.exe

C:\Users\Bob\AppData\Local\Apps\2.0\Y51J908B.NDL\4TVYEGPX.XY9\dell..tion_0f612f649c4a10af_0005.0004_3ddfe37344028d2c\DellSystemDetect.exe

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Common Files\Java\Java Update\jucheck.exe

C:\Program Files\MacroRecorder\MacroLauncher.exe

C:\Program Files\Steam\steam.exe

C:\Program Files\Steam\bin\steamwebhelper.exe

C:\Program Files\Classic Shell\ClassicStartMenu.exe

C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe

C:\Windows\system32\taskmgr.exe

C:\Windows\explorer.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\Bob\Downloads\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 

O2 - BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

O2 - BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll

O2 - BHO: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

O2 - BHO: ClassicIE9BHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll

O3 - Toolbar: Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch

O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming

O4 - HKLM\..\Run: [Fitbit Connect] "C:\Program Files\Fitbit Connect\Fitbit Connect.exe" /autorun

O4 - HKLM\..\Run: [Classic Start Menu] C:\Program Files\Classic Shell\ClassicStartMenu.exe

O4 - HKCU\..\Run: [DellSystemDetect] C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms

O4 - HKCU\..\Run: [Fitbit Connect] "C:\Program Files\Fitbit Connect\Fitbit Connect.exe" /autorun

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - HKCU\..\Run: [{79BF4901-1EC4-4726-B3C2-A7859706C6E7}] "C:\Users\Bob\Downloads\LeagueofLegends_NA_Installer_9_15_2014.exe" /cmdloc "HKCU\Software\Riot Games AiTemp\{79BF4901-1EC4-4726-B3C2-A7859706C6E7}"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm

O9 - Extra button: (no name) - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe

O9 - Extra 'Tools' menuitem: Classic IE9 Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe

O9 - Extra button: (no name) - {64964764-1101-4bbd-8891-B56B1A53B9B3} - C:\Program Files\Classic Shell\ClassicExplorer32.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O15 - Trusted Zone: *.dell.com

O17 - HKLM\System\CCS\Services\Tcpip\..\{097F4830-7E43-4ECD-BD3F-555F1C764EF9}: NameServer = 8.8.8.8

O17 - HKLM\System\CS1\Services\Tcpip\..\{097F4830-7E43-4ECD-BD3F-555F1C764EF9}: NameServer = 8.8.8.8

O17 - HKLM\System\CS2\Services\Tcpip\..\{097F4830-7E43-4ECD-BD3F-555F1C764EF9}: NameServer = 8.8.8.8

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe

O23 - Service: Fitbit Connect Service (Fitbit Connect) - Fitbit, Inc. - C:\Program Files\Fitbit Connect\FitbitConnectService.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

 

--

End of file - 7067 bytes

 

 

I hope I am not out of line wrong forum or anything thanks for any help.

 

Bob

 

DDS.txt

hijackthis.log

[gtyhfy]

Hi Bob,

It is not permitted to work on possible malware-related issues here in this section of the forum.

Please read through and follow the advice in this pinned topic: Available Assistance For Possibly Infected Computers.

Please be patient, a malware analyst will assist you with looking into your issue after providing required information.

Thanks,

[Qweth]

ok is there a way for me to move this post myself or do I copy/paste and then u remove from here?

[Qweth]

nevermind i guess just needa ex this post!  You promise tho that ur programs arent whack?  meh my stuff is pretty whacked already ok so thanks ppl haveagood